Lucene search
K

9066 matches found

CVE
CVE
added 2004/09/01 4:0 a.m.61 views

CVE-2002-1511

The CVE-2002-1511 issue affects the vncserver wrapper for VNC prior to version 3.3.3r2-21, which uses rand() instead of srand() and thus generates weak cookies. Consequences are limited to authentication cookie guessing for VNC access. Publicly documented fixes are available: Red Hat RHSA-2003:06...

5CVSS6.6AI score0.01808EPSS
Exploits0References9Affected Software2
CVE
CVE
added 2004/09/01 4:0 a.m.51 views

CVE-2002-1188

CVE-2002-1188 affects Microsoft Internet Explorer 5.01–6.0. The vulnerability arises from uses of the OBJECT tag that are not subjected to proper security checks, enabling remote attackers to disclose information by identifying the path to the Temporary Internet Files folder and accessing user da...

6.4CVSS6.5AI score0.12293EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.23 views

CVE-2002-1511

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand function instead of srand, which causes vncserver to generate weak cookies...

6.5AI score0.01808EPSS
Exploits0References9
CVE
CVE
added 2004/09/01 4:0 a.m.70 views

CVE-2002-1160

The CVE-2002-1160 issue concerns the pam_xauth module, where the default configuration forwards MIT-Magic-Cookies to new X sessions. This can enable a local attacker to gain an administrator’s X session by stealing the cookie from a temporary .xauth file created after root uses su. Public sources...

7.2CVSS6.5AI score0.00431EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.34 views

CVE-2002-1160

The default configuration of the pamxauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su...

6.5AI score0.00431EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.12 views

GLSA-200408-23 : kdelibs: Cross-domain cookie injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200408-23 kdelibs: Cross-domain cookie injection vulnerability kcookiejar contains a vulnerability which may allow a malicious website to set cookies for other websites under the same second-level domain. This vulnerability applie...

5.7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/08/23 12:0 a.m.20 views

eGroupWare <= 1.0.00.003 Multiple Module XSS

The remote version of eGroupware is vulnerable to a cross-site scripting attack. This could allow a remote attacker to steal the cookies of a legitimate user by tricking them into clicking a maliciously crafted URL. eGroupware reportedly has other cross-site scripting vulnerabilities, though Ness...

4.3CVSS5.1AI score0.0362EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2004/08/20 12:0 a.m.19 views

Nihuo Web Log Analyzer 1.6 - HTML Injection

source: https://www.securityfocus.com/bid/10988/info An HTML injection vulnerability is reported in Nihuo Web Log Analyzer. The problem occurs due to a lack of proper sanitization of user-supplied input data. Attackers may potentially exploit this issue to manipulate web content or to steal...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.21 views

Mozilla Firefox < 3.0.11 Multiple Vulnerabilities

Binary data 5072.prm...

9.3CVSS7.3AI score0.09282EPSS
Exploits9References21
CERT
CERT
added 2004/08/05 12:0 a.m.14 views

Board Power contains cross-site scripting vulnerability in the 'action' parameter of 'icq.cgi'

Overview Board Power fails to filter malicious content provided in the URL, leading to a cross-site scripting vulnerability. Attackers who exploit this vulnerability may be able to execute arbitrary scripts. Description Board Power is a forum application available for multiple operating systems...

6.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.32 views

Mac OS X Terminal Application Unspecified Issue (Security Update 2003-11-04)

The remote host is missing Mac OS X Security Update 2003-11-04. This update fixes a flaw in the Terminal application that may allow a rogue web site to access the web cookies of the user of the remote host. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include"compat.inc";...

4.6CVSS5.4AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2004/04/07 4:0 a.m.21 views

CVE-2004-0379

Multiple cross-site scripting XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts...

6AI score0.08128EPSS
Exploits0References2
securityvulns
securityvulns
added 2004/03/17 12:0 a.m.32 views

PHPX 2.x - 3.2.4

PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2004/03/17 12:0 a.m.41 views

phpx324.txt

PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/02/03 12:0 a.m.26 views

PHPX 3.2.3 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/9569/info Multiple vulnerabilities were reported in PHPX. The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies. These issues were reported to exist in PHPX 3.2.3. Earlier versions are also...

7AI score
Exploits0
exploitpack
exploitpack
added 2004/02/01 12:0 a.m.11 views

ASP Portal - Multiple Vulnerabilities

ASP Portal - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2004/02/01 12:0 a.m.34 views

ASP Portal - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic content. An attacker may reportedly inje...

7AI score
Exploits0
exploitpack
exploitpack
added 2004/01/26 12:0 a.m.23 views

Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting

Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/9496/info Cherokee has been reported to contain a cross-site scripting vulnerability via error pages. An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or...

6.8AI score
Exploits0
CVE
CVE
added 2004/01/15 5:0 a.m.75 views

CVE-2003-0965

CVE-2003-0965 is a cross-site scripting (XSS) vulnerability in the Mailman admin CGI script before 2.1.4. The issue allows remote attackers to steal session cookies and perform unauthorized activities via the administrative interface. Affected: Mailman (admin CGI). Root cause: XSS in the admin UI...

6.8CVSS5.5AI score0.01997EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2004/01/15 5:0 a.m.44 views

CVE-2003-0965

Removed by vendor...

6.8CVSS6.7AI score0.01997EPSS
Exploits0
Rows per page
Query Builder